CSCI 370-01 Information Security, Fall 2017



Name:              Shin-Ping Liu Tucker, Ph.D.      

Office:              Swenson 3025

Phone:              715-394–8466


Class:               9/5-12/22, 12:00–1:50PM, MWF, SW3011

Office Hours:    M 2-3pm, T 1-3pm and W 2-4pm, or by appointment

Materials:          See Desire2Learn (D2L)


Required Textbooks

·         Whitman, M. & Mattord, H. (2017). Principles of Information Security (6th Edition). Boston, MA: Cengage Learning. (ISBN 1-337-10206-7)


Session Guide

This Session Guide is provided for your convenience. Minor tweaks and edits are almost inevitable as the semester proceeds. You should check this session guide from D2L frequently. ALL assignments have to link to your website (i.e., your index.html main page).





1) 9/6(W) 9/8(F)

· Syllabus

· Introduction to the Web Server and WinSCP

· Install WinSCP.exe

· Create your index.html main page (see “Link assignments to your index.html main page” handout)

· Read Syllabus twice

· Post your biography to Communication tab -> Discussions ->Your Bio & comment on others by 9/15 (F)


2) 9/11(M) 9/13(W) 9/15(F)

· CH1 Introduction to Information Security


· CH1 (Due 9/15, F): Answer any 5 Exercises questions on p45

· WCH1 (Due 9/15, F): Work on the red circles from p6-58

3) 9/18(M) 9/20(W) 9/22(F)

· CH2 The Need for Security


· CH2 (Due 9/22, F): Answer 5 Exercises questions on p117

· WCH2 (Due 9/22, F): Work on the red circles from p77-140

4) 9/25(M) 9/27(W) 9/29(F)

· CH3 Legal, Ethical, and Professional Issues in Information Security

· CH3 (Due 9/29, F): Answer 5 Exercises questions on p166

· WCH3 (Due 9/29, F): Work on the red circles from p156-204

5) 10/2(M) 10/4(W) 10/6(F)

· EXAM1 (10/2, M): CH1-3

· CH4 Planning for Security

· CH4 (Due 10/6, F): Answer 5 Exercises questions on p247-248

· WCH4 (Due 10/6, F): Work on the red circles from p246-289

6) 10/9(M) 10/11(W) 10/13(F)

· CH5 Risk Management

· CH5 (Due 10/13, F): Answer 5 Exercises questions on p320-321

· WCH5 (Due 10/13, F): Work on the red circles from p305-354

7) 10/16(M) 10/18(W) 10/20(F)

· CH6 Security Technology: Access Controls, Firewalls and VPNs

· CH6 (Due 10/20, F): Answer 5 Exercises questions on p382

· WCH6 (Due 10/20, F): Work on the red circles from p371-409

8) 10/23(M) 10/25(W) 10/27(F)

· CH7 Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

· CH7 (Due 10/27, F): Answer 5 Exercises questions on p445

· WCH7 (Due 10/27, F): Work on the red circles from p447-482

9) 10/30(M) 11/1(W) 11/3(F)

· EXAM2 (10/30, M): EXAM1 & CH 4-7

· CH8 Cryptography

· CH8 (Due 11/3, F): Answer 5 Exercises questions on p496-497

· WCH8 (Due 11/3,F): Work on the red circles from p500-551

10) 11/6(M) 11/8(W) 11/10(F)

· CH9 Physical Security

· CH9 (Due 11/10, F): Answer any 5 Exercises questions on p534

11) 11/13(M) 11/15(W) 11/17(F)

· CH10 Implementing Information Security


· CH10 (Due 11/17, F): Answer 4 Exercises questions on p576

12) 11/20(M) 11/22(W) 11/24(F)

· EXAM3 (11/20, M): EXAM1-2 & CH 8-10

· CH11 Security and Personnel

· CH11 (Due 12/1, M): Answer 5 Exercises questions on p622

13) 11/27(M) 11/29(W) 12/1(F)

· CH11 Security and Personnel

· CH12 Information Security Maintenance

· CH12 (Due 12/8, F): Answer 5 Exercises questions on p689

14) 12/4(M) 12/6(W) 12/8(F)

· CH12 Information Security Maintenance

· Final Presentations (12/8, F): Class ID 0001-0005

· Final Project (Due- prior to your presentation day): If missing, 10% off penalty will be given each time; presentations will follow by the class ID order

15) 12/11(M) 12/13(W) 12/15(F)

· Final Presentations (12/11, M): Class ID 0006-00010 & Teaching Evaluation

· Final Presentations (12/13, W): Class ID 00011-0015

· Finalizing overall grades including final project & participation grades (12/15, F)

· After the last day of class (12/15, F), the instructor would refuse to update any grades.

16) 12/18 (M)

· EXAM 4 (i.e., Final Exam, 12/18, M, 12:00-2:00PM): EXAM1-3 & CH11-12

· Final exam (12/18, M) includes multiple-choice questions only.



Provides the knowledge of information assurance and security necessary for modern programmers, analysts, and other IT professionals and important for business managers, auditors and many other careers. Covers a diverse range of topics recommended by the Association for Computing Machinery, including operational issues, policies and procedures, attacks and defense mechanisms, risk analysis, recovery and business continuity, data security, cryptography, and digital forensics.


Intended Outcomes

·         Understand key knowledge areas of Information Systems Security

·         Comprehend risk management, cryptography, and physical security

·         Use the real-world examples and scenarios to reflect technology’s latest capabilities and trends

·         Guide students with integrity of heart and skillful hands


Evaluation procedure

There are two main principles in our grading policy, fairness and transparency. You should follow all policies on the syllabus and check on your grades on D2L frequently. The overall final grading procedure is as follows:


I. Assignments


You have to link to your web site

II. Four (4) exams


All exams are comprehensive.

III. Final Project


Your professional presentation is extremely important.

IV. Participation


Each absence will take 20 points off up to a total of 100 points of the Participation grade.





Calculated your own grade:

Your Overall Final Grade= AvgOfAssignments*0.4 + AvgOfExams*0.4 + FinalProject*0.1 + Participation*0.1


Your current grade status will be always available in the D2L Grades (not Quizzes) section. You should check on your current grades on D2L frequently. Your overall final grade will be assigned based on your total weighted average as follows.

B+  87-89

C+  77-79

D+  67-69

A   94 and above

B   84-86

C   74-76

D   64-66

F   Below 60

 A-   90-93

 B-   80-83

 C-   70-73

 D-   60-63


I. Assignments (40%): The total is 100 points for each assignment.

1.     Link all assignments to your web site. The HTML pages preferred.

2.     Forgetting to submit your assignment is not a good excuse. Please do not ask the instructor for credit back.

3.     All assignments are due no later than 4:30pm on the due date.

4.     All assignments not turned in will incur a 10% penalty for every day late up to three (3) calendar days. After the third calendar day, assignment turned in will count for zero.

5.     If you have an acceptable documented excuse for your absence, you have to turn in your assignment in 3 calendar days after the day excused for full points; otherwise assignment turned in will count for zero.

6.     All assignments are a one-week assignment, not a one-day assignment. You must work on your assignments as early as you can. Do not complain about the heavy work.

7.     Since the due dates of all assignments are included on this syllabus, a slow learner should work on assignments ahead of time.


II. Four Exams (40%):

1.     The format of the exams includes two parts (except Final Exam): Part 1 Multiple choice questions on D2L and Part II hands-on project (or paper-based essay questions). The final exam includes multiple-choice questions only. You have to choose the best answer for these multiple-choice questions.

2.     Before you start to answer exam questions, you must read the following policies first:

1)    This is not an open-book exam.

2)    You won't be allowed to use any books or other paper-based materials.

3)    You won't be allowed to see each other's computer.

4)    You won't be allowed to talk to each other. If you have any questions, you can raise your hand and the instructor will talk to you.

5)    You must finish Part 1 first before you start Part II; otherwise, the instructor will assume that you are cheating.

6)    You only allow opening one single window for Part I Multiple Choice questions; otherwise the instructor will assume that you are cheating.

7)    If you fail to follow above (1) to (6), the instructor will ask you to leave and a grade of ZERO will be given. Do not try to bend these policies. The instructor will be very strict during the exam.

8)    After uploading your working file to the Dropbox, re-open your file and make sure that it is workable!

9)    Troubleshooting for all technical problems is part of test, too (except campus-wide power or network failure). It is your responsibility to pick a good computer prior to the exam day.

10)  This is your exam. Do not expect that the instructor will help you out during the exam time.

11)  During the exam time, all students have to monitor each other. If you see someone violate the exam policy, you must make a report to the instructor.


III. Final Project (10%):

1.     Objectives: Create a professional web site along with video production on a topic that is related to the following one of the questions. You can also choose your own topic related to the information security.

1)    What is information security, and how does it affect education?

2)    What is information security, and how does it affect health?

3)    What is information security, and how does it affect money?

4)    What is information security, and how does it affect leisure?

5)    What is information security, and how does it affect government?

6)    What is information security, and how does it affect careers?

2.     Required Contents:

1)    The website should include the title, course name, term/date, student and instructor names, introduction, milestone events, human impacts (pros/cons), video, narrative (at least 500 words), references, etc.

2)    The video production must be original and contain your own narrative (at least 500 words). You must avoid copyright issues from your capstone project.

(1)   You may include other people’s video clips in your video production as a supplement (less than two minutes totally).

(2)   The video caption is preferred; otherwise, post key points of texts on slides in your video.

(3)   You must include references in the end of your video production to avoid copyright issues.

(4)   At least 500-word narrative is due at midterm (post it to the Coffee House). The length of video production should be approximate 7-12 minutes.

(5)   Turn in a DVD copy of your website and video MP4 files.

(6)   Upload your video to YouTube and have a YouTube link on your website (watch out the copyright issues!)

3.     Presentation: Presentation should be approximate 10 minutes (but not limited to) in length for each person. Failing to make a presentation on time, a 10% off penalty will be given per time. Failing to make a presentation, a grade of zero will be given to your final project.

3.     If you feel the preceding information is insufficient for the final project, it is your responsibility to ask the instructor about the details. Working closely with the instructor is extremely important!


IV. Participation and Discussion (10%):

1.     The Participation grade is a reward to the students who are always present and show up in class on time.

2.     Each absence will take 20 points off up to a total of 100 points of the Participation grade (i.e., each absence will take 2% off up to a total of 10% of your overall grade).

3.     Punctuality is extremely important for this class! After the instructor takes the roll, do not ask your instructor to fix the attendance roll. (Note that one time tardiness will be allowed.)

4.     Active participation in class discussions is part of the grades as well.


Course Policies

Course policies are highly related to your overall grades. Please read carefully before the class starts.

1.     The World Is Flat (by Thomas L. Friedman; one of the New York Times bestselling books in 2005). Do not complain about the instructor’s accent, unless you can speak a second language better than the instructor does. If you cannot understand the instructor’s speech, you should raise a hand or voice and then ask for a repeat immediately.

2.     If you are absent when an exam is given or when an assignment is due, you will receive a grade of zero unless the absence or missed assignment is excused. To be excused, you must present a paper-based excuse note to the instructor in 3 calendar days after the day excused for full points. The paper-based excuse note could be one of the following items.

1)    A note signed by a physician or nurse,

2)    A note signed by authority, e.g., a coach or professor.

3)    A receipt from your medicine; e.g., Tylenol. (Note that one time medicine bottle/package will be allowed.)

4)    A picture for your car problem; e.g., a flat tire.

5)    The excuse notes signed by friends, parents or other family members are NOT acceptable.

3.     Planned exams can be rescheduled if notified two (2) days in advance along with acceptable documented excuses.

4.     If you are a college athlete, you should turn in your entire game schedule to your instructor in the beginning of the semester. Rescheduling exams in 2 days in advance is your responsibility.

5.     Absolutely no late rescheduling will be allowed after the exam date.

6.    Since the exam/assignment dates are included on this syllabus, it is your responsibility to plan your outside work schedule accordingly. Please notify your employer that work related absences are not sufficient excuses for missing an exam or an assignment. (Note that one time work excuse will be allowed.)

7.     Buying the textbooks and bringing them to the classroom are your responsibilities. Do not ask and borrow the textbooks from your instructor; otherwise 5 points off the Participation grade will be given each time.

8.    Students who plan to drop this course must do so prior to the scheduled drop deadline date. The Instructor will ABSOLUTELY NOT sign drop slips after this date.

9.     Self-study is extremely important for college-level courses. The instructor only provides the outlines for each chapter. Pre-study can help you understand the lectures better.

10.  It is your responsibility to attend class regularly and to complete all readings and assignments on time. You are responsible for finding out what assignments were made and what material was covered on the days you miss class. Ignorance is no excuse.

11.  Cheating and plagiarism are unacceptable practices. Anyone caught will be expelled from class and receive an F for the semester. Other academic misconduct will be treated on a case-by-case basis as discussed in the Student Handbook.

12.  Fairness is extremely important to the entire class. After posting the overall final grade, student should not ask for a NEW grade. Students only receive the grade what they have earned,

13.  Classroom policies: Students are NOT allowed to (1) Use the printer during the lecture and exam time (2) Have the phone ring or other electronic noises during the lecture and exam time. If student fails to follow above (1) to (2), he or she must bring pizza (or other snacks) to classroom during the final presentation time; otherwise, a penalty of 20 participation points off will be given.


University Policies

The link for a Student Information Sheet of campus policies is located at the following URL (click “Syllabus Attachment”).  



Link assignments to your index.html main page


I. Linux Web Server

We'll use the Linux web server CS3 to support our websites. Below is the information you need for this class and your web site is ready to go now.

1.    User Name: cs3 + your e-hive user ID (must be in all lower-case letters; e.g., cs3stucker5)
Password: Your 7-digit student ID number

2.    Web Site: (e.g.,

3.    Server Policy: Students are only allowed to put the stuff relevant to their class. The instructor will monitor the server’s activities and will disable the accounts of the violators.


II. Publish the website on the Linux web server

We need to use “Windows Secure CoPy” (WinSCP) to transfer files from windows to Linux (i.e., transfer files from your local drive to the CS3 web server).

1.     Download WinSCP.exe from Materials-> Content-> Web Resources-> WinSCP.exe

2.     Double Click WinSCP.exe to open WinSCP

3.     Enter Host Name:, your user ID and password.


4.     Create a new public_html folder and then copy all working files (i.e., the assignment's web sites) to the public_html folder


5.     Create a main page index.html from Expression Web:
Open Expression Web-> Enter course name, student name, and each chapter’s assignment name as figure below. Select the link text-> click Insert tab-> Hyperlink, select your assignment file and then click ok. Click File tab-> save your file as index.html (NOT index.htm or index.html.doc). You must choose “Save as type: Web Page, Filtered.”



Open WinSCP and upload all files (including the main page index.html and assignment files) to the public_html folder. Just simply drag and drop all your files from the left side (your local drive) to the right side (CS3 web server: public_html)


6.     Check on your URL at (for example, in the browser and make sure the assignment’s hyperlinks are working. A grade of zero will be given to the broken links for your assignments.

Click the example site